On Tue, 2003-03-04 at 23:47, [EMAIL PROTECTED] wrote:
> Hi, I'm looking into the security side of VNC and I've noticed that people
> have managed to get the VNC protocol working through SSH and telnet. I was
> wondering if anyone could give any good ideas as to how this could be
> achieved and what would be the advantages of using SSH to encrypt a VNC
> session. Any input would be greatly appreciated.
>
> Many Thanks
> DM
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list
>
Well, finally, a different question!

Okay, the VNC protocol does not encrypt the information being sent back and forth, so that someone with a bit of time, the right internet connection and a computer can see and (even worse) record everything you do via VNC. This includes the keystrokes to passwords and your internet banking, and everything... (But you know this)

So your choices are a tunnel (a point to point connection routing for a specific number of applications) or a VPN (reroute the entire network protocols via a tunnel).

As you can tell, my opinion leans heavily towards tunnels, and I am very biased to SSH. But before I start ranting, let me acknowledge that VPNs (Virtual Private Networks) have their place in telecommunications.

So why SSH?
===========

1) SSH is an independently developed system not connected to any commercial needs, so you do not have to fear anyone changing the ball game to "survive", and you are not forced to trust somebody!

2) SSH is not new, so it's a mature protocol, with all the problems already worked out, and supported by many, many companies / programs, known to all firewalls etc. It is a standard.

3) It is available as OpenSource. This means that there is nothing hidden in the executable code, and in this case that thousands of security experts have looked at the code, and announced whatever errors they have found.

4) The SSH system was (is?) well designed to solve exactly this type of problem.

So what is SSH?
===============

SSH consists of 3 parts:

1) The Secure SHell. An encrypted (and usually compressed) telnet-like connection to a remote host. Although the system was named after this part, this is the least useful.

2) An encrypted (and possibly compressed) remote file transfer system, which is extremely useful, but not the topic of discussion here.

3) An encrypted (and possibly compressed) TCP port tunneling system.

By setting up an SSH server, you get all this plus:

+ The SSH server is (relatively) easy to set up, and requires NO maintenance!
+ The client side can be copied to the same floppy as your vncviewer, allowing you to securely remote access from anywhere!
+ A single SSH server can provide encrypted (and yes, compressed) tunnels for all the machines on the network behind a router/firewall, allowing for a central "tunnel" server.

How do I go about this?

Well, you simply allow SSH connections from the internet through the firewall to your Super Linux Firewall, Router, File Server, Primary Domain Controller, Print Server, Mail Server, Fax Server ...... machine, and that was it!

WHAT? You don't have a Linux server that does all that? Let me guess, you live in a cave, and hunt saber-tooth tigers as sport?

Well, just for people like you there is even a Windozzzze version of the SSH server. And I even wrote some documentation on how to install it! (My boss at work hunts saber-tooth tigers too! 8-)

So if someone is willing to offer web space to store it, I'd be willing to remove the company specific stuff, polish it up and publish it.

Jerry Westrick
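
The TCP port tunneling and central "tunnel" server described in the reply above, shown as an added example that is not part of the original thread. It assumes the OpenSSH command-line client; the host names, the address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the ssh command line that tunnels one VNC display
# through a central SSH server. Host names and addresses are constructed.

# VNC display :N listens on TCP port 5900+N.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "display must be a plain non-negative integer" >&2
                         return 1 ;;
    esac
    echo $((5900 + $1))
}

# Print the -L forwarding spec. The local end is bound to 127.0.0.1 so other
# machines on the client's network cannot connect to the forwarded port.
#   $1 = local display the viewer will connect to
#   $2 = target host, as seen from the SSH server
#   $3 = VNC display on the target
forward_spec() {
    lport=$(vnc_port "$1") || return 1
    rport=$(vnc_port "$3") || return 1
    echo "127.0.0.1:${lport}:$2:${rport}"
}

# Print the full ssh command (dry run; nothing is executed here).
#   -N  forwarding only, no remote shell
#   -C  compress the tunnelled traffic
#   ExitOnForwardFailure: exit rather than keep running without the tunnel
#   $1 = user@sshserver, $2..$4 = arguments for forward_spec
tunnel_cmd() {
    spec=$(forward_spec "$2" "$3" "$4") || return 1
    echo "ssh -N -C -o ExitOnForwardFailure=yes -L ${spec} $1"
}

# Constructed sample: gateway.example.org is the SSH server reachable through
# the firewall, 192.168.1.20 is a machine behind it with VNC on display :0.
tunnel_cmd user@gateway.example.org 1 192.168.1.20 0
# With the tunnel up, the viewer connects to the local end: vncviewer localhost:1
```

Only the leg between the client and the SSH server is encrypted; traffic from the SSH server to the target machine is still plain VNC on the internal network. With this setup the firewall only needs to admit SSH, and the VNC ports can stay closed to the internet.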
